Hello, I tried for some time to understand how the cache invalidation works on the clients, and I have to admit that I am even more confused that when I started, therefore I would like to ask if there is someone who can either explain or point me to the relevant documentation. I'll describe bellow the situation I am currently facing:
PHASE 1 - RedHat Idm with AD trust configured (non-posix) - override the UID of AD users in Idm - on the clients run the id <username> ; the correct (overwritten ) UID and an auto-generated GID is displayed PHASE 2 - overwrite the GID as well on Idm - on the clients still the old auto-generated GID is displayed (after sss_cache -E and restart of sssd) when I run id <username> - remove everything in /var/lib/sss/db , restart sssd and run id <username> - no user found - getent group <username> - new overwritten GID is displayed - id <username> displays the correct UID and GID For the users who are not in cache, restarting sssd seems to be enough (although I did not test if thoroughly). My question is : What do I have to do on the client in order to have the latest information from the Idm Override ? Apparently sss_cache -E and restart ssssd is not enough . Do we always need to remove everything in /var/lib/sss/db in order to have the latest information from the server ? _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure